.. SPDX-License-Identifier: GPL-2.0+

Measured Boot
=============

U-Boot can perform a measured boot: hashing the components that make up the
boot, extending each hash into a TPM PCR, and recording the component's
measurement in an event log in memory for the operating system to consume.

By default, U-Boot measures the operating system (Linux) image, the initrd
image and the "bootargs" environment variable. With CONFIG_MEASURE_DEVICETREE
enabled, U-Boot also measures the devicetree image.

The operating system would typically replay the event log, extending each
recorded digest in the same order, and check that the results match the
values read from the TPM PCRs. Because a PCR can only be extended, never
written directly, a log that replays to the live PCR values is evidence that
it has not been altered. The PCR values can in turn be compared with the
known-good results of previous boots to detect a changed kernel, initrd,
bootargs or devicetree.
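As an added illustration (not part of the U-Boot documentation or source), the
following Python simulates both halves of the scheme: the firmware side hashes
the kernel, initrd and bootargs, extends a fake SHA-256 PCR bank and appends
TCG_PCR_EVENT2-style log entries; the OS side replays that log, compares the
result with the PCRs, and compares the PCRs with a known-good set from a
previous boot. The PCR indices (8, 9 and 1), the event type chosen for each
component and the sample images are assumptions made for the example, and the
log omits the Spec ID header event that a real TCG2 log begins with.

```python
"""Measured boot in miniature: measure-and-extend on the firmware side,
event-log replay on the OS side. Added example; not U-Boot code."""
import hashlib
import struct

# Constructed sample components standing in for real boot artefacts.
SAMPLE_KERNEL = b"\x7fELF" + b"kernel-image-bytes" * 8
SAMPLE_INITRD = b"\x1f\x8b" + b"initrd-cpio-bytes" * 8
SAMPLE_BOOTARGS = b"console=ttyS0 root=/dev/mmcblk0p2 rootwait\x00"

# TCG PC Client event types and algorithm IDs used below.
EV_PLATFORM_CONFIG_FLAGS = 0x0000000A
EV_COMPACT_HASH = 0x0000000C
TPM_ALG_SHA1, TPM_ALG_SHA256 = 0x0004, 0x000B
DIGEST_LEN = {TPM_ALG_SHA1: 20, TPM_ALG_SHA256: 32}
NUM_PCRS = 24

# Assumed PCR assignment for the example, not taken from U-Boot's source.
PCR_KERNEL, PCR_INITRD, PCR_BOOTARGS = 8, 9, 1


class FakeTpm:
    """Stand-in for a TPM 2.0 SHA-256 PCR bank: PCRs can only be extended."""

    def __init__(self):
        self.pcrs = [bytes(32)] * NUM_PCRS

    def extend(self, index, digest):
        # PCR_new = SHA256(PCR_old || digest); there is no "write" operation.
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()


def encode_event(pcr, event_type, digest, event_data):
    """Serialise one TCG_PCR_EVENT2 entry carrying a single SHA-256 digest."""
    return (struct.pack("<II", pcr, event_type)
            + struct.pack("<IH", 1, TPM_ALG_SHA256) + digest
            + struct.pack("<I", len(event_data)) + event_data)


def measure(tpm, log, pcr, event_type, data, event_data):
    """Firmware side: hash data, extend the PCR, append the log entry."""
    digest = hashlib.sha256(data).digest()
    tpm.extend(pcr, digest)
    log += encode_event(pcr, event_type, digest, event_data)  # in-place append
    return digest


def firmware_boot(tpm, kernel, initrd, bootargs):
    """Measure the three default components and return the event log."""
    log = bytearray()
    measure(tpm, log, PCR_KERNEL, EV_COMPACT_HASH, kernel, b"linux\x00")
    measure(tpm, log, PCR_INITRD, EV_COMPACT_HASH, initrd, b"initrd\x00")
    measure(tpm, log, PCR_BOOTARGS, EV_PLATFORM_CONFIG_FLAGS, bootargs, bootargs)
    return bytes(log)


def parse_log(log):
    """Yield (pcr, event_type, sha256_digest, event_data) for each entry."""
    off = 0
    while off < len(log):
        pcr, event_type, count = struct.unpack_from("<III", log, off)
        off += 12
        digests = {}
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", log, off)
            off += 2
            # An unknown algorithm makes the entry length unknowable: stop.
            size = DIGEST_LEN[alg]
            digests[alg] = log[off:off + size]
            off += size
        (data_len,) = struct.unpack_from("<I", log, off)
        off += 4
        yield pcr, event_type, digests[TPM_ALG_SHA256], log[off:off + data_len]
        off += data_len


def replay_log(log):
    """OS side: recompute every PCR from the log alone."""
    expected = [bytes(32)] * NUM_PCRS
    for pcr, _, digest, _ in parse_log(log):
        expected[pcr] = hashlib.sha256(expected[pcr] + digest).digest()
    return expected


def verify_log(tpm, log):
    """PCRs whose replayed value disagrees with the TPM (empty means intact)."""
    replayed = replay_log(log)
    return [i for i in range(NUM_PCRS) if replayed[i] != tpm.pcrs[i]]


def changed_pcrs(current, golden):
    """PCRs that differ from a known-good set recorded on a previous boot."""
    return [i for i, (c, g) in enumerate(zip(current, golden)) if c != g]


if __name__ == "__main__":
    tpm = FakeTpm()
    log = firmware_boot(tpm, SAMPLE_KERNEL, SAMPLE_INITRD, SAMPLE_BOOTARGS)
    print("log replays to live PCRs:", verify_log(tpm, log) == [])
    other = FakeTpm()
    firmware_boot(other, SAMPLE_KERNEL + b"!", SAMPLE_INITRD, SAMPLE_BOOTARGS)
    print("PCRs changed by a modified kernel:", changed_pcrs(other.pcrs, tpm.pcrs))
```

Flipping a single digest byte in the log makes the replay of that PCR
disagree with the TPM, while a changed kernel or bootargs leaves the log
consistent and instead shows up as a PCR that differs from the previous
boot's values; the two checks catch different things and both are needed.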

Requirements
------------

* A hardware TPM 2.0 supported by the U-Boot drivers
* CONFIG_TPM=y
* CONFIG_MEASURED_BOOT=y
* Device-tree configuration of the TPM device to specify the memory area
  for event logging. The TPM device node must either contain a phandle to
  a reserved memory region (the "memory-region" property) or the
  "linux,sml-base" and "linux,sml-size" properties giving the address and
  size of the memory region. An example can be found in
  arch/sandbox/dts/test.dts
* The operating system must also be configured to read the event log from
  the memory region specified in the U-Boot device-tree; otherwise the log
  is written but never consumed.